The Future of IAM Security: It's Continuous, It's Tested
Everything that has a beginning also has an end...except a circle. IAM is going through a renaissance, if you will, and it is referred to as Continuous Identity or Modern IAM. Testing for IAM can be complicated already. With the move to continuous it is transforming into event-driven IAM and takes an already complicated domain and adds in constantly changing context, fun times! So, how do you test something that is constantly evolving and changing based on dynamic business needs, security or policy? You take the blue pill, the IAM story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the IAM rabbit hole goes. This session will give a brief introduction into IAM to set the foundation. Next, it will lightly cover where it is heading with the continuous aspects. It will then dive into the details on how to potentially test and validate all the associative contextual changes and external factors like security, behavioral patterns and evolving policy changes.
Sean O'Dell is a Senior Staff Security Engineer spanning both Consumer and Workforce Identity at The Walt Disney Company. He has over 25 years of experience in engineer spanning multiple disciplines specializing in high availability, scalability and security. He is a frequent speaker at identity conferences, been on podcasts covering identity security, an active participant in standards development organizations including the OpenID Foundation, and written about many subjects…with more coming soon. He is a technical leader and trusted technical advisor to executives at The Walt Disney Company where he has been instrumental in both Workforce and Consumer IAM strategy over the past 12 years covering security, product, engineering, implementation and architecture while also acting as a principal advisor in the same capacity for key mergers and acquisitions helping to shape overall company decisions and direction. He is an identity expert and passionate about all the things identity, engineering, security and problem solving. His interests and focus are currently in consumer identity, next generation authorization, data science, identity data, machine identities, behavioral analysis, zero standing privilege, threat detection and response, shared signals, machine learning and overall identity security...especially the continuous aspect.